Module: sip-router
Branch: andrei/tcp_tls_changes
Commit: 7ac98ae71a7b0ffe157200362971df9006347986
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7ac98ae…
Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Date: Fri May 28 13:18:57 2010 +0200
tls: added tls.options rpc
- fixed ca list string initializer
- removed fixups from read-only config variables
- added a new tls.options rpc that dumps the entire tls config.
E.g.:
sercmd> tls.options
{
force_run: 0
method: TLSv1
verify_certificate: 0
verify_depth: 9
require_certificate: 0
private_key: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.key
ca_list:
certificate: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.pem
cipher_list:
session_cache: 0
session_id: sip-router-tls-3.1
config:
log: 0
connection_timeout: 600
disable_compression: 1
ssl_release_buffers: 0
ssl_freelist_max: 0
ssl_max_send_fragment: -1
ssl_read_ahead: 1
low_mem_threshold1: 15204352
low_mem_threshold2: 7602176
}
---
modules/tls/tls_cfg.c | 14 +++++++++-----
modules/tls/tls_rpc.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index 32c37a6..e3d7b00 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -40,7 +40,11 @@ struct cfg_group_tls default_tls_cfg = {
9, /* verify_depth */
0, /* require_certificate */
STR_STATIC_INIT(TLS_PKEY_FILE), /* private_key */
+#if TLS_CA_FILE == 0
+ STR_NULL,
+#else
STR_STATIC_INIT(TLS_CA_FILE), /* ca_list */
+#endif
STR_STATIC_INIT(TLS_CERT_FILE), /* certificate */
STR_NULL, /* cipher_list */
0, /* session_cache */
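Review bot: The `#if TLS_CA_FILE == 0` guard only preprocesses while TLS_CA_FILE expands to an integer expression. Its definition is not visible in this hunk, but the `#else` branch, `STR_STATIC_INIT(TLS_CA_FILE)`, needs a string literal, and a build that supplies one will fail at the `#if` itself because string literals are not valid in preprocessor expressions. If that reading is right, consider leaving the macro undefined for the "no CA list" default and testing `#ifndef TLS_CA_FILE` instead. The new line also drops the field label that every neighbouring initializer carries; write it as `STR_NULL, /* ca_list */`. The struct initializer starts and ends outside the hunk.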
@@ -96,7 +100,7 @@ static int fix_rel_pathname(void* cfg_h, str* gname, str* name, void**
val)
static char path_buf[MAX_PATH_SIZE];
f = *val;
- if (f && f->s) {
+ if (f && f->s && f->len) {
new_f.s = get_abs_pathname(0, f);
if (new_f.s == 0)
return -1;
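Review bot: The added `f->len` test in `if (f && f->s && f->len)` makes a non-NULL but empty string mean "not set", and nothing in the code says so; the last tls_cfg.c hunk adds the same rule to fix_initial_pathname with `if (path->s && path->len)`. A one-line comment above each check would record the intent, for example `/* an empty string means "not set": skip path resolution */`. This matters for private_key, ca_list and certificate, where a silently skipped path changes which key material is loaded. Separately, the next hunk removes fix_rel_pathname from the three visible tls_cfg_def entries; if no entry outside that hunk still uses it, this static function is now dead code and should be dropped rather than patched. The function body continues outside the hunk.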
@@ -130,12 +134,12 @@ cfg_def_t tls_cfg_def[] = {
" verification go in the search for a trusted CA" },
{"require_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
"if enabled a certificate will be required from clients" },
- {"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+ {"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
"name of the file containing the private key (pem format), if not"
" contained in the certificate file" },
- {"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+ {"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
"name of the file containing the trusted CA list (pem format)" },
- {"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+ {"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
"name of the file containing the certificate (pem format)" },
{"cipher_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
"list of the accepted ciphers (strings separated by colons)" },
@@ -180,7 +184,7 @@ cfg_def_t tls_cfg_def[] = {
static int fix_initial_pathname(str* path)
{
str new_path;
- if (path->s) {
+ if (path->s && path->len) {
new_path.s = get_abs_pathname(0, path);
if (new_path.s == 0) return -1;
new_path.len = strlen(new_path.s);
diff --git a/modules/tls/tls_rpc.c b/modules/tls/tls_rpc.c
index d5176ac..826f12c 100644
--- a/modules/tls/tls_rpc.c
+++ b/modules/tls/tls_rpc.c
@@ -161,10 +161,47 @@ static void tls_info(rpc_t* rpc, void* c)
+static const char* tls_options_doc[2] = {
+ "Dumps all the tls config options.",
+ 0 };
+
+static void tls_options(rpc_t* rpc, void* c)
+{
+ void* handle;
+ rpc->add(c, "{", &handle);
+ rpc->struct_add(handle, "dSdddSSSSdSSddddddddd",
+ "force_run", cfg_get(tls, tls_cfg, force_run),
+ "method", &cfg_get(tls, tls_cfg, method),
+ "verify_certificate", cfg_get(tls, tls_cfg, verify_cert),
+
+ "verify_depth", cfg_get(tls, tls_cfg, verify_depth),
+ "require_certificate", cfg_get(tls, tls_cfg, require_cert),
+ "private_key", &cfg_get(tls, tls_cfg, private_key),
+ "ca_list", &cfg_get(tls, tls_cfg, ca_list),
+ "certificate", &cfg_get(tls, tls_cfg, certificate),
+ "cipher_list", &cfg_get(tls, tls_cfg, cipher_list),
+ "session_cache", cfg_get(tls, tls_cfg, session_cache),
+ "session_id", &cfg_get(tls, tls_cfg, session_id),
+ "config", &cfg_get(tls, tls_cfg, config_file),
+ "log", cfg_get(tls, tls_cfg, log),
+ "connection_timeout", TICKS_TO_S(cfg_get(tls, tls_cfg, con_lifetime)),
+ "disable_compression", cfg_get(tls, tls_cfg, disable_compression),
+ "ssl_release_buffers", cfg_get(tls, tls_cfg, ssl_release_buffers),
+ "ssl_freelist_max", cfg_get(tls, tls_cfg, ssl_freelist_max),
+ "ssl_max_send_fragment", cfg_get(tls, tls_cfg, ssl_max_send_fragment),
+ "ssl_read_ahead", cfg_get(tls, tls_cfg, ssl_read_ahead),
+ "low_mem_threshold1", cfg_get(tls, tls_cfg, low_mem_threshold1),
+ "low_mem_threshold2", cfg_get(tls, tls_cfg, low_mem_threshold2)
+ );
+}
+
+
+
rpc_export_t tls_rpc[] = {
{"tls.reload", tls_reload, tls_reload_doc, 0},
{"tls.list", tls_list, tls_list_doc, RET_ARRAY},
{"tls.info", tls_info, tls_info_doc, 0},
+ {"tls.options",tls_options, tls_options_doc, 0},
{0, 0, 0, 0}
};
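Review bot: In tls_options the result of `rpc->add(c, "{", &handle);` is ignored, so if creating the struct fails, `handle` is still uninitialized when it is passed to `rpc->struct_add`. Guard it with `if (rpc->add(c, "{", &handle) < 0) return;`, assuming the usual negative-on-error convention of this rpc interface. The reply also returns the filesystem locations of private_key, certificate and config to any caller of tls.options, so the doc string should say that, for example `"Dumps all the tls config options (includes key/cert file paths)."`, and the RPC transport should stay limited to trusted administrators. The 21-character format string `"dSdddSSSSdSSddddddddd"` matches the 21 name/value pairs today but has to be kept in step by hand; a short comment above the call noting that would help the next person who adds an option.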